Auth in ArcGIS Online – Patrick Arlt

Auth in ArcGIS Online – Patrick Arlt

6 6


Presentation on authentication in ArcGIS Online at the 2015 Esri Dev Summit.

On Github patrickarlt / dev-summit-2015-authentication-in-arcgis-online

Auth in ArcGIS Online

Patrick Arlt

Experience Developer - ArcGIS for Developers

@patrickarlt -

What is oAuth 2.0?

A standard for conveying authorization decisions.

I {username} authorize {app name} to do {whatever}

OAuth 2.0 is not an authentication protocol

OAuth 2.0 !== authentication protocol

OAuth 2.0 != authentication protocol

OAuth 2.0 is used inside of authentication protocols

OAuth 2.0 doesn't know about your users identities, it only care about authorization

OAuth 2.0 === Authorization
ArcGIS Portal/Online === Identity && Access

A Complete System

oAuth 2.0 + ArcGIS Portal/Online

User Logins vs App Authentication

User Logins

User authorizes application Application can act on users behalf Usage if any is billed to that users organization

User User Logins When...

  • You have to work with private content
  • you need to create/edit content
  • want usage to be billed to your apps users

Application Authentication

App exchanges credentials for token Uses token to access premium services Often implimented as a proxy

Use Application Authentication When…

  • You only need to work with public and premium content
  • You dont want your users to sign in

Whats Changed?

  • ArcGIS Portal 10.3 now supports oAuth 2.0
  • 1st class oAuth 2.0 support in the JS API
  • More support for OAuth in the ArcGIS Runtimes
  • New ways to access premium services
  • Better Authentication Docs

Demo Time!

  • Browser-based with JS API
  • Server-based with JS API + Hapi
  • App Proxies for Premium Services
Demos on GitHub


Twitter: @patrickarlt